NGINX.COM

On September 24, 2014, a vulnerability was revealed in the Bash shell interpreter. The details are described in CVE-2014-6271. Note that there is a follow‑up vulnerability (CVE-2014-7169) that has not been patched as of this writing.

This bug does not affect the NGINX or NGINX Plus software directly, but if you are running on an affected host system, we recommend that you upgrade the copy of bash on that system as soon as possible.

Please refer to your operating system vendor’s instructions. For your convenience, here are a few links:

NGINX Plus AMIs on AWS

The NGINX Plus Amazon Machine Images (AMIs) (Version 1.3) are built on Amazon Linux or Ubuntu, and suffer from this vulnerability. We’re building and testing updated AMIs, and in the interim you need to run the following commands to manually update the bash package on those AMIs:

  • For Amazon Linux AMIs:

    $ sudo yum update bash
  • For Ubuntu AMIs:

    $ sudo apt-get update
    $ sudo apt-get install bash

Note that new Amazon Linux‑based instances are automatically updated on startup.

Hero image
Are Your Applications Secure?

Learn how to protect your apps with NGINX and NGINX Plus

关于作者

Owen Garrett

产品管理高级总监

Owen is a senior member of the NGINX Product Management team, covering open source and commercial NGINX products. He holds a particular responsibility for microservices and Kubernetes‑centric solutions. He’s constantly amazed by the ingenuity of NGINX users and still learns of new ways to use NGINX with every discussion.

关于 F5 NGINX

F5, Inc. 是备受欢迎的开源软件 NGINX 背后的商业公司。我们为现代应用的开发和交付提供一整套技术。我们的联合解决方案弥合了 NetOps 和 DevOps 之间的横沟,提供从代码到用户的多云应用服务。访问 nginx-cn.net 了解更多相关信息。